<?php
include("../../tools/session.php");
include("../../tools/controls.php");

// Access gate. Only a strict boolean true in $is_login_success counts as logged
// in (presumably set by tools/session.php - confirm); anything else sends the
// visitor back to the index page. A logged-in user for whom power_check(0)
// fails gets the "no-power" template instead. Both branches call exit() so no
// later code runs for a rejected request.
if ($is_login_success !== true) {
	session_hop_page("../index.php");
	exit();
}
if (!power_check(0)) {
	include("tpl-inc-wp.php");
	$tpl->display($oa_tpl_path . "/no-power.html");
	exit();
}

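/*-- Page body --*/
// page_status selects the view: absent/empty renders the dashboard, 1 returns a
// single news or notice item as XML. isset() avoids an undefined-index notice
// when the request carries no POST field.
$page_status = isset($_POST["page_status"]) ? $_POST["page_status"] : null;
if (!$page_status)
{
	include("../../tools/mysql.php");
	include("tpl-inc-wp.php");
	db_connect();

	// The user id is concatenated into the SQL text unquoted, so it is forced to
	// an integer first; whatever ends up in the session cannot alter the query.
	$user_id = (int) $_SESSION["user"]["id"];

	$sql1 = "SELECT news_id, title FROM news ORDER BY addtime DESC LIMIT 0, 8";
	$sql2 = "SELECT notice_id, title FROM notice ORDER BY addtime DESC LIMIT 0, 8";
	// Documents waiting for this user's review that are neither cancelled nor finished.
	$sql3 = "SELECT b.doc_id, b.title FROM doc_exam a, document b "
		. " WHERE a.handout_id=" . $user_id
		. " AND a.has_examed=0 "
		. " AND a.doc_id=b.doc_id "
		. " AND b.is_canceled=0 "
		. " AND b.is_finished=0 "
		. " ORDER BY b.apply_time DESC "
		. " LIMIT 0, 8";
	$re1 = db_query($sql1);
	$re2 = db_query($sql2);
	$re3 = db_query($sql3);

	// NOTE(review): titles and username are handed to the template as stored;
	// HTML escaping has to happen in default/main.html - confirm it does.
	$tpl->assign("news_data", $re1);
	$tpl->assign("notice_data", $re2);
	$tpl->assign("wf_examin", $re3);
	$tpl->assign("username", $_SESSION["user"]["username"]);
	$tpl->display($oa_tpl_path . "/default/main.html");
}
// Return one news or notice item as XML
elseif ($page_status == 1)
{
	// Both fields come straight from the request and $id is placed in the SQL
	// text unquoted, so it is reduced to an integer before use (SQL injection
	// otherwise). Non-scalar input (e.g. id[]=...) is treated as id 0.
	// NOTE(review): db_query_once() lives in tools/mysql.php, not visible here;
	// if it supports bound parameters, prefer those over concatenation.
	$id = (isset($_POST["id"]) && is_scalar($_POST["id"])) ? (int) $_POST["id"] : 0;
	// A missing flag keeps the earlier behaviour of selecting "news".
	$flag = (isset($_POST["flag"]) && is_scalar($_POST["flag"])) ? (string) $_POST["flag"] : "0";

	include("../../tools/mysql.php");
	db_connect();

	header("content-type: text/xml");
	echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
	echo "<nn>\n";

	// flag "0" reads from news, flag "1" from notice; any other value runs no
	// query at all instead of passing an undefined $sql to the database helper.
	$sql = null;
	if ($flag === "0") { $sql = "SELECT title, content FROM news WHERE news_id=" . $id; }
	elseif ($flag === "1") { $sql = "SELECT title, content FROM notice WHERE notice_id=" . $id; }

	// presumably returns the single matching row as an array - confirm
	$re = ($sql !== null) ? db_query_once($sql) : null;

	// Stored text containing "]]>" would close the CDATA section early and let
	// the rest be parsed as markup; splitting the sequence across two CDATA
	// sections keeps it literal. A missing row or column yields an empty element.
	$title = isset($re["title"]) ? str_replace("]]>", "]]]]><![CDATA[>", (string) $re["title"]) : "";
	$content = isset($re["content"]) ? str_replace("]]>", "]]]]><![CDATA[>", (string) $re["content"]) : "";

	echo "<title><![CDATA[" . $title . "]]></title>\n";
	echo "<content><![CDATA[" . $content . "]]></content>";

	echo "</nn>\n";
}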

?>
